Complete Social Engineering Training Course
Learn how hackers hack Windows, Linux & Android by using Social Engineering and protect yourself from phishing attacks
What is Social Engineering?
Social engineering means stealing of information, money or credit card data by tricking a person. For this, criminals use different mediums of communication, including phone calls, texts, faxes, emails, mobile apps, fake websites, and in-person meetings.
Such tricks differ from common cyberattacks that extract this information by hacking devices. Rather than using viruses, the criminals resort to coercion, deception, and threats to trick the victim.
The most common techniques of social engineering use honey traps laid via phishing and spear phishing emails. They can also take the form of quid pro quo arrangements, in which a person is trapped by offering them sweeteners, such as discount coupons and free prizes.
Unfortunately, the only trick to guard against social engineering is constant vigilance. To be careful with what you share and with whom you share your personal information. But, there are steps that can help raise alarms when criminals try to social engineer you.
Although sometimes neglected in favor of technical security measures, social engineering can often be the Achilles’ heel of an organization. Hackers and other criminals may well find it easier to trick unsuspecting employees out of sensitive information than to break through other security systems.
To steal business secrets, criminals either resort to cyberattacks, or try to trick people connected with the business. Such attacks that resort to tricking or misleading a person into revealing sensitive information are labeled as social engineering.
As you go through this course, you’ll learn about how social engineering works. We’ll help you understand how attackers choose targets for such attacks. Along with this, you’ll learn about the main methods of social engineering, including online impersonation, physical intrusion, and direct manipulation, such as bribery and threats. Then, we’ll look at prevention and response.
This includes, reducing data leakage and access control. And lastly, you’ll learn to spot and respond to social engineering attacks.
|Course Name||Social Engineering|
|Course Type||Interactive online training|
|Format||LM-light, SCORM 1.2|
|Supported Devices||Desktop/Laptop, Tablet, Phone|
|Last Updated||June 30, 2021|
What you’ll learn
- What is social engineering?
- How attackers select their victims
- How social engineering attacks work
- Impersonation, physical and direct manipulation
- How to minimize the risk of an attack happening
- How to spot and respond appropriately to social engineering
- What is Social engineering
- Structure of this course
- Introduction to Social engineering
- Some examples of social engineering
- Social engineering and identity theft
- What attackers are looking for?
- The seven deadly sins to avoid
- Typical targets of social engineering
- How attackers work?
- Techniques for exploiting weaknesses
- How attackers use Impersonation
- Beware of phony phone calls
- How criminals use emails
- What is the Nigerian (or 419) scam
- The threat of physical intrusion
- What is tailgating?
- Be careful of visitors and hidden cameras
- What is direct manipulation?
- Examples of social engineering attacks
- Starting points for attackers
- How to reduce data leakage
- Benefits of access controls
- How to spot attacks
- Responding to attacks
- What you should have learned
Who Should Attend?
- IT security staff who need to expand their understanding of their attack surface
- System and network administrators who want to defend their systems against social engineering attacks
- Staff members that use PCs, laptops, mobile devices to connect with office network
Here you can review some statistics about our Education Center
Start Your Certification Course Today
In the simplest terms, social engineers means tricking or manipulating a person to steal business information rather than hacking into computers.
The most common form of social engineering is impersonation. Criminals would impersonate an official you can trust, or pretend to be an employee in urgent need of the sensitive information they want to steal.
Criminals can also resort to physical intrusion to steal what they want. This includes signing up for a guided tour, tailgating, applying for a job, or impersonating a cleaning company.
Direct manipulation is another form of social engineering that criminals resort to regularly. This includes bribing, blackmail, and threats. If you find that you’ve been subjected to any of these forms of attacks, you should report it immediately.
Unlike phishing, spear phishing attacks resort to targeting individuals with an intention to steal their office credentials or infect their computer with malware.
In practice, spear phishing attacks use multiple modes of communication, such as emails, phone calls, and text messages to lure their targets. First, the criminals use various tactics to first build trust with their target. Then, they slip in a malicious email or message to the unsuspecting user.
The malicious email could either contain malware, which, if installed, would allow the criminals to hack into the victim’s computer network. Or, it could be a trick to steal their office credentials. This too would allow the threat actors to intrude into the victim’s organization.
Criminals begin social engineering attacks by researching their targets. Such research is done over the Internet. They look for details, such as organizational charts, email addresses and phone numbers, and employees’ personal information, such as hobbies and affiliations.
Criminals need this data to engineer a profile that you could be lured to trust. Therefore, your first step should be to reduce such data leakage. You can do this by reducing the data you publish online.
Next, enforce strict access controls. This includes physical and electronic access as well. This should be particularly true for work locations that handle sensitive data, important software, servers, networks, and databases. Only those with need should receive access.
To trap you using social engineering, most criminals rely on impersonation techniques. For this, they’d try to impersonate someone you trust using phony phone calls, spear phishing emails, business email compromise, stolen business and ID cards, and phishing.
For protecting yourself from social engineering attacks, use the three point technique that we suggest in the course – Reduce data leakage, put in place access control, and train yourself and your employees to spot social engineering attacks.
Perhaps the Nigerian (or 419) scam is the best known example of social engineering. It’s also known as the “advanced fee scam”. Earlier examples of the 419 scam can be traced to the 1920s and earlier. In 2016, the FBI’s Internet Crime Center received complaints of more than $1 million lost to the Nigerian scam.